Notes of Docker

Install docker on Manjaro

sudo pacman -S docker
sudo pacman -Syyu

Run docker

systemctl start docker
systemctl enable docker

Config docker

sudo groupadd docker
sudo gpasswd -a $USER docker ## add logged-in user to the docker group
newgrp docker

or

sudo usermod -aG docker seashine

vim /etc/docker/daemon.json

{  
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com","quay.io"],
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
  "bip": "172.99.106.1/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}

sudo systemctl daemon-reload
sudo systemctl restart docker

Login

docker login docker.io
The authentication information is stored at:
cat /root/.docker/config.json

Image operation

• Show the list of images which are available locally
  docker images
docker images -a
docker images -q
docker images -qa
docker images --digest
docker images --digest --no-trunc
• Search the image in the repository
  docker search tomcat
docker search -s 30 tomcat
docker search -s 30 --no-trunc tomcat
• Tag the specified image
  docker tag 965ea09ff2eb docker.io/mmdghh/alpine:v3.10.3

docker push docker.io/mmdghh/alpine:v3.10.3

docker rmi 965ea09ff2eb

• If the image is referenced in multiple repostories, deletion must be forced
  docker rmi -f 965ea09ff2eb
• delete all
  docker rmi -f $(docker images -qa)

Container operation

• Create and run a container
  docker run -it [IMAGE ID]

  -i, --interactive Keep STDIN open even if not attached
  -t, --tty Allocate a pseudo-TTY
  

• Create and run a container, with another name specified
  docker run -it --name ABC [IMAGE]
• Create and run a container in background
  docker run --name ABC -d [IMAGE ID]
docker run --name ABC -td [IMAGE ID]
• Show all the containers/processes running in docker
  docker ps
• Show the most recently running container
  docker ps -l
• Show the recent 6 running containers
  docker ps -l n 6
• Exit the container and stop it
  exit
• Exit the container without terminating it
  ctrl + P + Q
• Start a container
  docker start [CONTAINER NAME/ID]
• Stop a container
  docker stop [CONTAINER NAME/ID]
docker kill [CONTAINER NAME/ID]
• Stop multiple containers
  docker stop $(docker ps -p)
• Remove a container
  docker rm [CONTAINER ID]
• Remove multiple containers
  docker rm -f $(docker ps -q)
docker rm -f $(docker ps -a -q)
docker ps -a -q | xargs docker rm
• Logs of a container
  docker logs -f -t --tail [CONTAINER ID]
• Show detailed information of a container
  docker inspect [CONTAINER ID]
• Run command on the host and outside of the container
  docker exec -t [CONTAINER NAME/ID] ls -l /tmp
• Reenter the container after ctrl + P + Q
docker attach [CONTAINER ID]
docker exec -t [CONTAINER NAME/ID] /bin/bash
• Copy a file of a container to the host
  docker cp [CONTAINER ID]:/tmp/yum.long /root

Run tomcat on host machine through port mapping

• docker run -it -p [HOST PORT]:[IMAGE PORT] [IMAGE NAME]
  e.g.,
  docker run -it -p 8888:8080 tomcat:8.0.41

  -p indicates that the port number afterwards is user-specified.
  8888 is the user-specified port number of host machine.

• docker run -it -P [IMAGE NAME]
  e.g.,
  docker run -it -P tomcat:8.0.41
  -P indicates that the port number afterwards is specified by host OS.

Modify an image

Create the modified image

docker commit -a="[AUTHOR NAME]" -m="[DESC]" [CONTAINER ID] [PACKAGE]/[IMAGE NAME][VERSION ID]

Docker volumes

https://docs.docker.com/stora...

Create volumes by docker command

• Create and build link between directories of host and container(like shared directories)
  docker run -it -v /hostDataVolume:/containerDataVolume [IMAGE NAME]

  Note that if there is a error "cannot open directory .: Permission denied" when trying to mount the host directory, this issue can be fixed by appending "--privileged=true":

  docker run -it -v /hostDataVolume:/containerDataVolume --privileged=true [IMAGE NAME]

• Verify if binded successfully
  docker inspect [CONTAINER ID]

"HostConfig": {
            "Binds": [
                "/hostDataVolume:/containerDataVolume"
            ],

...

"Mounts": [
            {
                "Type": "bind",
                "Source": "/hostDataVolume",
                "Destination": "/containerDataVolume",
                "Mode": "",
                "RW": true, 
                "Propagation": "rprivate"
            }
        ],

"RW": true indicates that read/wirte operations are allowed.

• Read-only
  docker run -it -v /hostDataVolume:/containerDataVolume:ro [IMAGE NAME]
  A file can be created/updated by the host, which is readable to the container, but not modifiable.

Create volumes by DockerFile

1. Add a new folder mydocker
2. Using VOLUME in DockerFile to add volumes in an image
3. Write a DockerFile

FROM centos
VOLUME ["/dataVolumeContainer1", "/dataVolumeContainer2"]
CMD echo "finished,-----------success1"
CMD /bin/bash

4. Build the modified image
   
   At each step, an ID is printed, which showed the concept of UnionFS.
5. Run a container

Note that here we didn't specify the host directory as we did by using docker command, we can use docker inspect to get the default directory.

Mount Volume From a Parent Volume

Data volumeIt is a special directory that can be used by one or more containers. It bypasses UFS and can provide many useful features:

• Data volumeCan be shared and reused between containers
• Data volumeThe changes will take effect immediately
• Data volumeThe update of does not affect the mirror
• Data volumeThe default always exists, even if the container is deleted

Data volumeIt is designed to persist data. Its life cycle is independent of the container. Docker will not automatically delete the container after it is deletedData volumeAnd there is no mechanism such as garbage collection to deal with cases without any container referencesData volume.

If necessary, remove the data volume while deleting the container:
docker rm -v [CONTAINER]

Clean up unowned data volumes which may occupy a lot of space:
docker volume prune